Skip to main content

Hackers Assault Facebook with Devious Phishes

On Thursday, the popular social networking website Facebook was the subject of a phishing assault after hackers successfully compromised several accounts. As a result, many passwords were stolen, thus allowing the hackers to send phishing emails to other Facebook members listed as Friends. Currently Facebook's security team is working on "cleaning up the damage," and has blocked the compromised accounts until further notice. Fortunately, the problem hasn't spread across the entire 200 million user network, only affecting a small portion of accounts.

Facebook spokesman Barry Schnitt said Thursday that the phishing emails urged users to click on provided links to fake websites. In turn, these websites--www.151.im, www.121.im, and www.123.im--were designed to resemble the Facebook home page. The victim, thinking they're logging back into the real Facebook, unknowingly provides their user names and passwords to the hackers controlling the fake websites. With the login info in hand, the hackers thus repeat the process, compromising the user's account, send additional phishing emails, and gather personal details listed on the account for identity theft purposes.

With this kind of personal information, hackers can send spam outside Facebook to legit email addresses, and eventually gather financial details including credit card and banking account numbers through the usual fake link process (pharmaceuticals, male enhancement, etc). What makes this phishing scheme so clever is that Facebook members are somewhat trusting in that friends are approved before becoming part of the "trusted" network: a message sent by Mom's compromised account looks legit enough to take seriously, its embedded link unsuspicious. On a personal level, Facebook accounts usually provide extensive details to friends, including home phone numbers, places of employment, email addresses, and other useful information. In short, it's a gold mine for hackers looking for more ways to send spam and steal identities.

“There has been a definite ramp-up of attacks on Facebook over the last several months,” Michael Argast, an analyst at security software developer Sophos, told the New York Times. “As the user community grows, the criminal community sees an opportunity to make money.” He also said that Thursday's attack may be tied into a recent scam where hackers breaks into a Facebook account, impersonates the user, and posts a message to friends asking for money because the hacker is "in a pinch" in a faraway country. Friends falling for the scam usually send thousands of dollars to accounts not associated with the original user.

Currently the Facebook security team has blocked the three malicious websites; user's can't even type the fake domains in messages or in the status bar. Thankfully, the latest attack doesn't involve malicious files that are silently installed on user PCs. Facebook suggests that registered members access the website using an up-to-date browser with a built-in anti-phishing black list. Members should also use different login names and passwords for every website requiring login information, and be suspicious of sketchy messages hitting the Facebook Inbox, especially those asking for login and password information, or those from Marcus and Tuan asking for users to judge their "performance" recorded during the Tom's Karaoke Night this past Saturday (shivers).